Bug #75937
closed
Updating global extensions via EM silently leaves potentially risky code on the server.
0%
Description
Since EM in 6.2 does not provide any information about installation place of Extension (typo3/sysext, typo3/ext, typo3conf/ext) you won't notice that there is old code left on the server.
If you update an extension which is globally installed, EM silently installs to local directory, leaving the global directory untouched.
In case of security fixes in such extensions, the security-leak just remains silently on the server, no chance to find that out via TYPO3.
IMHO we should AT LEAST have information about this bad and potentially risky behaviour in the extension manager.
Updated by Clemens Riccabona about 7 years ago
- Target version set to 8 LTS
- TYPO3 Version changed from 6.2 to 7
- PHP Version changed from 5.6 to 7.0
Updated by Clemens Riccabona about 7 years ago
- Subject changed from Updating global Extensions via EM in 6.2 silently leaves code on the server. to Updating global extensions via EM silently leaves potentially risky code on the server.
Updated by Benni Mack about 7 years ago
- Target version changed from 8 LTS to Candidate for patchlevel
Updated by Susanne Moog about 4 years ago
- Status changed from New to Rejected
As the upgrade guide states that global extensions have to be removed after upgrade and support for them has been discontinued for quite some time I'm going to close the issue here.